Secure and Resistant Blockchain for Financial and Business Applications. The aim of this project is to develop a practical secure blockchain technology for the booming applications in finance and business. This project expects to address the leading security threats to the current blockchain applications. The expected outcome is an executable secure and resistant blockchain prototype through the integration of the latest developed and customized techniques. The success of the project will dramat ....Secure and Resistant Blockchain for Financial and Business Applications. The aim of this project is to develop a practical secure blockchain technology for the booming applications in finance and business. This project expects to address the leading security threats to the current blockchain applications. The expected outcome is an executable secure and resistant blockchain prototype through the integration of the latest developed and customized techniques. The success of the project will dramatically benefit Australian people and government, especially for the Australian ICT industry for commercializing the research outputs. Read moreRead less
Discovery Early Career Researcher Award - Grant ID: DE230100473
Funder
Australian Research Council
Funding Amount
$410,154.00
Summary
Effective integration of human and automated analyses for security testing. This DECRA project aims to significantly improve the performance of current state-of-the-art automated security testing approaches, enabling them to discover more security bugs in strict time constraints. The key innovation of the project is its novel way to embrace human element to leverage the ingenuity of the developers. This project will help companies improve the security and reliability of their products, thwarting ....Effective integration of human and automated analyses for security testing. This DECRA project aims to significantly improve the performance of current state-of-the-art automated security testing approaches, enabling them to discover more security bugs in strict time constraints. The key innovation of the project is its novel way to embrace human element to leverage the ingenuity of the developers. This project will help companies improve the security and reliability of their products, thwarting cyberattacks that cost Australian business $29 billion each year. The knowledge from this project will be transferred and integrated into higher education subjects to train the next generations of software developers, who are responsible to build security-critical systems that we all rely on now and in the future.Read moreRead less
Learning Software Security Analysers with Imperfect Data. This project aims to systematically investigate next-generation learning-based software security analysis to detect vulnerabilities in real-world large-scale software. The expected learning-based foundation will support the handling of imperfect data in order to provide a precise, scalable and adaptive security analysis of the critical software components, thus capturing important security vulnerabilities missed by existing approaches. Th ....Learning Software Security Analysers with Imperfect Data. This project aims to systematically investigate next-generation learning-based software security analysis to detect vulnerabilities in real-world large-scale software. The expected learning-based foundation will support the handling of imperfect data in order to provide a precise, scalable and adaptive security analysis of the critical software components, thus capturing important security vulnerabilities missed by existing approaches. The success of this project will further enhance the international competitiveness of Australian research in this important field and will benefit any Australian industry and business where software systems are deeply-rooted, such as transportation, smart homes, medical devices, defence and finance.Read moreRead less
Secure Management of Internet of Things Data for Critical Surveillance. This project aims to develop innovative models/algorithms to manage Internet of Things (IoT) data safely and reliably. This project expects to generate new knowledge in the area of classified information governance using innovative data collection, transmission and analysis techniques that overcome the security concerns in large-scale collaborative sensing. Expected outcomes include novel abstract interfaces for IoT, adaptiv ....Secure Management of Internet of Things Data for Critical Surveillance. This project aims to develop innovative models/algorithms to manage Internet of Things (IoT) data safely and reliably. This project expects to generate new knowledge in the area of classified information governance using innovative data collection, transmission and analysis techniques that overcome the security concerns in large-scale collaborative sensing. Expected outcomes include novel abstract interfaces for IoT, adaptive trust and integrity preserving methods, and reliable distributed data processing mechanisms to mitigate vulnerabilities in real-time IoT-enabled critical surveillance. This should provide significant benefits to Australia's economy, one of which is the enhanced consumer-centric adoption of IoT for sensitive operations.Read moreRead less
Discovery Early Career Researcher Award - Grant ID: DE170101081
Funder
Australian Research Council
Funding Amount
$360,000.00
Summary
Adaptive value-flow analysis to improve code reliability and security. This project aims to develop client-driven adaptive value-flow analysis to detect software bugs in system software written in the C/C++ programme language. Static analysis tools for automated code inspections can benefit software developers, but are imprecise, inefficient and not user-friendly for analysing real-world industrial-sized software. The project will investigate static, dynamic and user-guided value-flow analysis t ....Adaptive value-flow analysis to improve code reliability and security. This project aims to develop client-driven adaptive value-flow analysis to detect software bugs in system software written in the C/C++ programme language. Static analysis tools for automated code inspections can benefit software developers, but are imprecise, inefficient and not user-friendly for analysing real-world industrial-sized software. The project will investigate static, dynamic and user-guided value-flow analysis to efficiently and precisely analyse large-scale programs according to clients’ needs, thereby allowing compilers to generate safe, reliable and secure code. This project is expected to advance value-flow analysis for industrial-sized software, improve software reliability and security, and benefit Australian software systems and industries.Read moreRead less
Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider a ....Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider attacks. The outcomes of the project will incorporate new security constraints and policies raised by emerging technologies to enable better protection of sensitive information. Read moreRead less
Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This pr ....Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This project aims to develop a continuous authentication approach based on user behaviour - typical interactions plus biometrics (for example, keystroke dynamics) - combined with a risk adaptive assessment of the resources being accessed, resulting in re-authentication requests in the event of a suspected compromise.Read moreRead less
Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and ....Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and inventing non-removable watermarks on AI models. The outcomes are new tools for securing AI-based FinTech systems before deployment and tools for IP violation forensics post-deployment. Such capabilities are beneficial by improving the security and safety of FinTech systems and other nationally critical AI systems.Read moreRead less
Developing an active defence system to identify malicious domains and websites. This project aims to develop an innovative active defence system to effectively identify malicious Internet domains and websites. It can secure the cyberspace that is essential to the daily work of Australian people, thus addresses a fundamental problem in safeguarding Australia from cyber crime and terrorism.
MemberGuard: Protecting Machine Learning Privacy from Membership Inference. Machine Learning has become a core part of many real-world applications. However, machine learning models are vulnerable to membership inference attacks. In these attacks, an adversary can infer if a given data record has been part of the model's training data. In this project, the team aims to develop new techniques that can be used to counter these attacks, such as 1) new analytical models for membership leakage, 2) ne ....MemberGuard: Protecting Machine Learning Privacy from Membership Inference. Machine Learning has become a core part of many real-world applications. However, machine learning models are vulnerable to membership inference attacks. In these attacks, an adversary can infer if a given data record has been part of the model's training data. In this project, the team aims to develop new techniques that can be used to counter these attacks, such as 1) new analytical models for membership leakage, 2) new methods for susceptibility diagnosis, 3) new defences that leverage privacy and utility. Data-oriented services are estimated to be valuable assets in the future. These techniques can help Australia gain cutting edge advantage in machine learning security and privacy and protect its intellectual property on these services.Read moreRead less